Adobe, Kaspersky warn of botnet worm spreading via social networks

The maker of Flash and the leading security lab said earlier this week that a worm first discovered last Thursday is being spread through social networks disguised as a update to Flash Player.

Adobe says there is no update. The worms, dubbed Koobface.a and Koobface.b by security firm Kaspersky, spread themselves through leaving comments and messages on Facebook and MySpace, which are sent to friends of an infected user.

In order to trick the recipients into clicking on the links, the comments use names of celebrities or references to fake stories or videos. Some examples of comments' titles include "Paris Hilton Tosses Dwarf On The Street," and, "Examiners Caught Downloading Grades From The Internet."

Once a link is clicked, the user is redirected to a site that includes a video clip. The user cannot watch the video unless the update is applied. Once compelled to do so, the user then downloads and executes codesetup.exe which then installs the worm on the user's machine.

"Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high," senior virus analyst Alex Gostev said.

An infected computer would then become part of a botnet, which could be used later to launch additional attacks. It may also upload modules with additional functionality to the Internet.

Kaspersky said the worm only seems to be spreading through MySpace and Facebook, and not any of the other social networks at this time. Koobface.a is aimed at the former, while Koobface.b targets the latter.

It should be noted that Kaspersky has since detected four more variants of the worm, however it has not as yet provided any details on the specifics of the newer detections and what or whom they target. BetaNews had contacted the firm for additional information, and has been told to expect a response later this afternoon.